Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by Forminator.
References
Configurations
History
10 Sep 2024, 11:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:incsub:forminator:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-79 | |
References | () https://jvn.jp/en/jp/JVN65724976/ - Third Party Advisory | |
References | () https://plugins.trac.wordpress.org/changeset?new=3135507%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js&old=3111152%40forminator%2Ftrunk%2Fassets%2Fjs%2Ffront%2Ffront.mergetags.js - Patch | |
References | () https://wordpress.org/plugins/forminator/ - Product | |
References | () https://wpmudev.com/ - Product | |
First Time |
Incsub forminator
Incsub |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Sep 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-09 05:15
Updated : 2024-09-10 11:19
NVD link : CVE-2024-45625
Mitre link : CVE-2024-45625
CVE.ORG link : CVE-2024-45625
JSON object : View
Products Affected
incsub
- forminator
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')